7736 matches found
Linux Kernel 2.6.39 < 3.2.2 (x86/x64) - 'Mempodipper' Local Privilege Escalation (2)
Exploit code is here: http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c Blog post about it is here: http://blog.zx2c4.com/749 Mempodipper by zx2c4, Linux Local Root Exploit. Rather than put my write up here, per usual, this time I've put it in a rather lengthy blog post:...
Gregarius 0.x.x Cross Site Scripting / SQL Injection
Exploit Title: Gregarius 0.x.x SQL Injection/Cross Site Scripting Date: 7.01.2012 Author: Sony Software Link: http://www.phpkode.com/projects/item/gregarius/ Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC:...
SAT1 Portal Website - SQL Injection Vulnerability
Document Title: =============== SAT1 Portal Website - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=377 Release Date: ============= 2012-01-06 Vulnerability Laboratory ID VL-ID: ==================================== 377 Produ...
PHP Hashtables Denial of Service
Exploit for php platform in category dos / poc 0day.today 2018-02-06...
CVE-2011-5029
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.7.0 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry parameter to delete.php or (2) category parameter to index.php...
CVE-2011-5029
CVE-2011-5029 affects Simple PHP Blog, version 0.7.0 (and possibly earlier). The vulnerability is a cross-site scripting (XSS) flaw in which an attacker can inject arbitrary web script or HTML via the following parameters: (1) entry parameter to delete.php and (2) category parameter to index.php....
DIY-CMS blog mod SQL Injection
Exploit for php platform in category web applications Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: email protected Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG:...
DIY-CMS blog mod - SQL Injection
Exploit Title: DIY-CMS blog mod SQL Injection Author: snup Contact: [email protected] Site: http://e-o-u.org SQL Injection: DORK: inurl:"mod.php?mod=blog" intext:"powered by DIY-CMS" inurl:"mod.php?mod=blog" BUG: http://127.0.0.1/diy-cms/mod.php?mod=blog&modfile=tags&tag=features&start=sqli...
Pixie 1.04 - Blog Post Cross-Site Request Forgery
Exploit Title: Pixie v1.04 blog post CSRF Google Dork: Date: 11-Dec-2011 Author: hackme Software Link: http://pixie-cms.googlecode.com/files/pixiev1.04.zip Version: 1.04 Tested on: Linux Ubuntu 10.10 CVE : + TH4NKZ T0: broiosen,ReGun and hackgame.it + Vulnerable Url:...
[SECURITY] Fedora 15 Update: libsocialweb-0.25.20-1.fc15
libsocialweb is a social data server which fetches data from the "social web", such as your friend's blog posts and photos, upcoming events, recently played tracks, and pending eBay auctions. It also provides a service to update your status on web services which support it, such as MySpace and...
Iceberg information distribution system background landing vulnerability and fix-vulnerability warning-the black bar safety net
The default backend for the admin can be entered directly using the PHP universal password a' or 1=1. The backend has an upload function that directly accepts 1.asp;jpg, and clicking to view the original file shows its path. Excerpted from the Little Dragon blog. Solution: filtering...
Google Releases Chrome 15.0.874.121
Google has released Chrome 15.0.874.121 for Linux, Mac, Windows, and Chrome Frame to address a vulnerability. This vulnerability allows an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to Chrome...
[BSA-057] Security update for nss
This update to the NSS cryptographic libraries revokes the trust in the "DigiCert Sdn. Bhd" certificate authority. More information can be found in the Mozilla Security Blog: http://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/ This...
Google Releases Chrome 15.0.874.120
Google has released Chrome 15.0.874.120 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Google Releases Chrome 15.0.874.102
Google has released Chrome 15.0.874.102 for Linux, Mac, Windows, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Releases blog entry and update to...
Beware of New Twitter Spam - "Bad blog going around about you"
Beware of New Twitter Spam - "Bad blog going around about you" This is not the first time I have received spam messages from Twitter. Just now I checked my Twitter account and what I see is two Direct Messages saying "Bad blog going around about you, have you read it yet?" followed by a URL shortened...
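emlog 4.1.0 Sensitive Information Disclosure Vulnerability
emlog is a powerful personal blog system based on PHP and MySQL; this version has a sensitive information disclosure vulnerability. Author name disclosure: http://site/content/cache/user Configuration information disclosure: http://site/content/cache/options Proof of vulnerability. Fix: upgrade to the latest official version, official link: www.emlog.net...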
Android malware - Works on remote commands form encrypted blog
Android malware - Works on remote commands form encrypted blog Researchers from Trend Micro have spotted a piece of malicious software for Android. This is the first known Android malware that reads blog posts and interprets these as commands. It can also download and install additional...